Public Access WIFI Security

Discussion in 'Computer Security' started by teh Mephisto, Sep 29, 2005.

  1. teh Mephisto

    teh Mephisto Guest

    For those of you that don't know, Dartmouth College is the first college
    to go totally wireless. I'm sure many of you have been to a coffee shop
    /book store (Barnes and Noble) and have seen that they offer public
    access wifi hotspots. This means that you don't have to have a password
    or pay anything to get connected.

    Most of these places probably do not have any way of preventing
    hijacking attempts. If I decided to go to my local Starbucks and set up
    a fake wifi, there's nothing stopping me.

    But I don't even have to do that to get your passwords. All I have to
    do is throw up a packet sniffer and bam I have all of your email
    passwords/website passwords. POP3 is an unencrypted protocol. WIFI
    access points act as hubs. Unless everything is running SSL all of your
    passwords are being sent out to everyone connected to that WIFI access
    point.

    I'm telling you this to inform those of y'all who don't already know, and
    to ask a question to those of you who are in the profession and know
    everything there is to know about wifi.

    What is stopping me from going to Barnes and Noble, firing up Ethereal,
    and getting everyone's passwords for email/websites? Is there a way to
    disconnect a computer that shows signs of running a packet sniffer? Is
    there even a way to tell that a computer is running a packet sniffer?

    This is something you might expect to see at Defcon or Blackhat but
    probably not in your local Starbucks. Next time you are there, think
    about the security risks and don't check your email or visit a site that
    requires you to have a password unless you send it via SSL (Gmail,
    banking sites, etc).

    I am cross-posting to get as many opinions/answers as possible.

    Thank you for your time
     
    teh Mephisto, Sep 29, 2005
    #1

  2. teh Mephisto

    Imhotep Guest

    Pretty much common knowledge (at least in this news group)....

    Im
     
    Imhotep, Sep 29, 2005
    #2

  3. Most sane users do not poll for email with pop3. They use a VPN
    tunnel provided by their ISP, a VPN tunnel provided by the hot spot
    service company (i.e. Boingo), TLS (transport layer security), or web
    mail using SSL encryption.
    Anyone in the profession that claims to know everything, doesn't.
    Not much. It's a well-known problem. Just about any web site that
    mumbles about wireless security mentions that polling for email via an
    unencrypted wireless link is asking for trouble.
    Users can be blocked by MAC address or IP address at the wireless
    router. There are IDS (intrusion detection systems) that look for
    abuse and automagically isolate the offenders. For example:
    http://snort-wireless.org

    It is fairly easy to detect if a user is sniffing. I have a trick
    that detects if a wireless device is in promiscuous mode (required for
    sniffing), but it's marginally reliable and does not work with every
    client. Search Google for "detect promiscuous mode" for how others
    are doing the same thing. For example, a free and commercial
    promiscuous mode scanner:
    http://www.securityfriday.com/products/promiscan.html
    I've used the free version to detect wireless sniffers.



    --
    # Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
    # 831.336.2558 voice Skype: JeffLiebermann
    # http://www.LearnByDestroying.com AE6KS
    # http://802.11junk.com
    #
     
    Jeff Liebermann, Sep 29, 2005
    #3
  4. teh Mephisto

    teh Mephisto Guest

    I think you give people too much credit. From what I have seen, most
    people see "Wireless hotspot here" and go whoopee, I can get my email and
    surf the web. I will guarantee you that you can go into any Starbucks,
    ask how many people know what VPN or SSL are and probably about 1/4 of
    them would be able to tell you, if that. Then they probably don't even
    realize that everyone can see what they are doing on a wireless network.
     
    teh Mephisto, Sep 29, 2005
    #4
  5. teh Mephisto

    Jim Watt Guest

    Hey this is a security group, we tend to think.
    Surfing the web is fine, webmail is fine, providing it's on SSL.
    We don't all live in the evil empire.
     
    Jim Watt, Sep 29, 2005
    #5
  6. <SNIP>

    Gee,
    I run such a hotspot here at home (different subnet and attached to a
    hardware firewall).

    All my other machines are hard wired to a primary switch. The only reason
    for the hotspot is in case any of my neighbors want on (I have 3 wireless).

    Once in a while, I start up a Linux box and take a sniff at things....


    Oh yeah, one last thing: I use the firewall hooked to the wireless box to
    limit BW to 10K/sec both ways per IP on wireless. It is amazing how well
    that shuts down filesharing. :)

    TMH
     
    Technomage Hawke, Sep 29, 2005
    #6
  7. Um.

    In what way is this different than using any other publicly shared service?

    Incidentally, and in case you hadn't noticed, the Internet itself is.. um..
    a shared public service. Any privacy you happen to gain from someone else's
    routing table is pretty much a side-benefit.

    Coming up next.. blutooth it am teh sc4ry!!!1!!!

    ;o)

    --

    Hairy One Kenobi

    Disclaimer: the opinions expressed in this opinion do not necessarily
    reflect the opinions of the highly-opinionated person expressing the opinion
    in the first place. So there!
     
    Hairy One Kenobi, Sep 29, 2005
    #7
  8. teh Mephisto

    bobrics Guest

    Hi

    could you please provide some reference material (websites or groups
    messages) describing HOW to set up a secure wireless connection and
    more secure ways of using public hotspots.

    Thank you
     
    bobrics, Sep 29, 2005
    #8
  9. teh Mephisto

    Leo Fellmann Guest

    Wossat mean? Every single computer in every lab connected with wifi (
    are they stupid? ) or just total wifi coverage?

    I'm sure many of you have been to a coffee shop
    [snip]

    VPN. VPN is how you do wireless security.
     
    Leo Fellmann, Sep 29, 2005
    #9
  10. teh Mephisto

    teh Mephisto Guest

    I don't know about every single computer in every lab but I do know they
    are completely wireless.
     
    teh Mephisto, Sep 29, 2005
    #10
  11. teh Mephisto

    teh Mephisto Guest

    Now that everyone uses switches, it's a lot better than it used to be.
    WIFI is still run just like a hub, where everyone connected can see
    everything you are doing.

    Sure there are still some hubs around but no one's stupid enough to put
    them up where it really matters.
     
    teh Mephisto, Sep 29, 2005
    #11
  12. Not exactly. Wireless 802.11 is bridging. A bridge is a 2 port
    switch. It only lets traffic across the bridge that has a destination
    MAC address that's known to be on the other side of the bridge. Also,
    broadcasts go everywhere. With a hub, access to one port gave me
    access to all the traffic since the hub was just a repeater. With a
    switch, sniffing one port only gives access to that port's traffic.
    It's the same with wireless except that wireless shares a common
    medium (air space) and allows all the bridged/switched connections to
    be simultaneously sniffed. I guess one could say this is
    something like a hub, but it's still bridging.
    You'll be surprised what I find floating around some networks. The old
    hubs just don't seem to completely disappear and are often more
    convenient to use than to purchase a proper switch. I use hubs for
    sniffing ethernet, but that's not a common application.
     
    Jeff Liebermann, Sep 29, 2005
    #12
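
The hub, bridge and shared-air distinction drawn in post #12, as a small model. This is an added example, not code from any poster; the MAC addresses, port numbers and frame list are constructed, and the wireless case is simplified to "any frame to or from a wireless station, or a broadcast, is on the air".

```python
# Added illustration: all MAC addresses, ports and frames below are constructed.
BROADCAST = "ff:ff:ff:ff:ff:ff"
A, B, GW, SRV = ("02:00:00:00:00:0a", "02:00:00:00:00:0b",
                 "02:00:00:00:00:01", "02:00:00:00:00:02")

class Hub:
    """Repeater: copies every frame to every port except the one it arrived on."""
    def __init__(self, ports):
        self.ports = ports
    def forward(self, in_port, src, dst):
        return [p for p in self.ports if p != in_port]

class LearningBridge(Hub):
    """Bridge/switch: learns source MACs; floods only broadcasts and unknown destinations."""
    def __init__(self, ports):
        super().__init__(ports)
        self.table = {}                      # MAC -> port it was last seen on
    def forward(self, in_port, src, dst):
        self.table[src] = in_port
        if dst != BROADCAST and dst in self.table:
            out = self.table[dst]
            return [] if out == in_port else [out]
        return super().forward(in_port, src, dst)

def wired_view(device, frames, port_of, observer_port):
    """Frames the device copies onto the port where an observer is plugged in."""
    return [(s, d) for s, d in frames
            if observer_port in device.forward(port_of[s], s, d)]

def wireless_view(frames, stations):
    """Frames that cross the air: to or from a wireless station, plus broadcasts.
    Any radio in range can receive these, whatever the AP's bridge table says."""
    return [(s, d) for s, d in frames
            if s in stations or d in stations or d == BROADCAST]

# A and B are clients; GW and SRV sit on the wired side. Observer is on port 3.
PORT_OF = {A: 1, B: 2, GW: 4, SRV: 5}
PORTS = [1, 2, 3, 4, 5]
FRAMES = [(A, BROADCAST), (GW, A), (A, GW), (GW, A),
          (B, GW), (GW, B), (GW, SRV), (SRV, GW)]

def compare():
    """What one observer receives for the same traffic on each kind of medium."""
    return {
        "hub": wired_view(Hub(PORTS), FRAMES, PORT_OF, 3),
        "bridge": wired_view(LearningBridge(PORTS), FRAMES, PORT_OF, 3),
        "wireless": wireless_view(FRAMES, {A, B}),
    }

if __name__ == "__main__":
    for medium, seen in compare().items():
        print(f"{medium:8s} observer sees {len(seen)} of {len(FRAMES)} frames")
```

On the bridge the observer's port receives only the broadcast and the one unicast frame sent before the destination's port had been learned; over the air every client frame is receivable, while the wired-only GW/SRV exchange never crosses to the wireless side.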
  13. teh Mephisto

    Doc. Guest

    Even the monitors?

    SCNR :)


    Doc.
     
    Doc., Sep 29, 2005
    #13
  14. That's a mighty tall order, man.....

    you might try this search term in google:
    wireless+hotspot+securing+encryption+vpn

    and see what you come up with.
     
    Technomage Hawke, Sep 30, 2005
    #14
  15. teh Mephisto

    Winged Guest

    Shrugs, wireless using something like http://www.cranite.com seems to be
    a relatively secure solution. Tends to defeat intruders and listeners
    fairly effectively. When coupled with wireless IDS to detect attack
    attempts you can secure the network about as well as you can on a wired
    connection.

    Winged
     
    Winged, Sep 30, 2005
    #15
  16. Erm, actually "they" do. Both genuine hubs and switches configured
    for-a-purpose.

    The purpose is usually the same sort of load balancing used by Windows
    (NLBS, or WLBS as it used to be called). It uses MAC spoofing (MS borged a
    company); this doesn't always work on particular Cisco switches, even when
    they've been set to bridge ports (which is the other case you'll commonly
    see. Damned hard to sniff or run an IDS without this sort of facility -
    although you have to be careful that it can handle the sort of traffic that
    you're likely to see, particularly if you're on/near the backbone.).

    I have a military customer that ended up doing this - it was cheaper to
    recycle an old hub than to buy a new switch that actually did what it was
    supposed to (bearing in mind that the selected switch /should/ have had the
    capabilities, but might have broken one of their other security rules.
    They're a customer; they get to do it the way they want <shrug>)

    These sort of configs tend to be where you *really* need load-balancing
    (i.e. at the very heart of "where it really matters")

    In my case, I just have the two hubs - one sits on the Cable Modem
    connection at home (so that I can simply plug-in a sniffer or firewall
    tester); the other is my "network in a bag" that travels with me on-site. UK
    companies generally don't let you plug into their networks, these days, so
    it's a useful last resort for data transfer if we already have someone
    there. Or if I end up running software that's licensed by MAC address -
    modern laptops switch you between different NICs, which buggers all that up.
    Must get around to making one of those "key" thingummies that you used to be
    able to buy.

    H1K
     
    Hairy One Kenobi, Sep 30, 2005
    #16
  17. teh Mephisto

    SMS Guest

    <snip>

    That's why you always want to use VPN to connect via an unknown wireless
    network.

    Google now offers a free VPN service. Supposedly it's slightly less
    secure than some of the paid VPN services but this is according to the
    paid VPN services.

    Some ISPs offer VPN as part of their plans. One reason I chose the ISP
    that I chose is because they offer VPN at no extra charge.
     
    SMS, Sep 30, 2005
    #17
  18. teh Mephisto

    Leo Fellmann Guest

    There's also nothing except lack of free time stopping you using, say,
    openvpn to connect through a computer at home :)
    You are, I take it, talking about wireless ISPs?
     
    Leo Fellmann, Sep 30, 2005
    #18
  19. teh Mephisto

    SMS Guest

    Leo Fellmann wrote:

    No. Some ISPs offer VPN into their server whenever you are at a
    wireless hot spot (and you can use it with wired as well, if you want).
    For example, see: "http://www.sonic.net/features/vpn/". Most ISPs offer
    this only to their business customers, at extra cost, but a few of the
    better regional ISPs include it with every account.

    There are some private companies offering VPN for a fee
    (typically around $40-75 per year), but Google now offers it for free,
    see "http://wifi.google.com/download.html". I guess the question is
    whether or not you trust Google (or trust your ISP or the private VPN
    services for that matter). Google offers it because they are rolling out
    their own free wireless across the country, but it works with any hot spot.
     
    SMS, Sep 30, 2005
    #19
  20. teh Mephisto

    WifiFan Guest

    There are some private companies offering VPN for a fee

    Another company offering VPN for free is iPig, see
    http://www.net-security.org/article.php?id=827
    iPig comes with the iPig SERVER (also freeware), so you can set up your
    own VPN server very easily. Thus the traffic is NOT routed via the
    company's server.
    iPig Server is MUCH easier to install than OpenVPN, basically you just
    start the installer, add the user name and password you want to use,
    and your private VPN server is ready to go.
     
    WifiFan, Sep 30, 2005
    #20